Legal Library

White Papers

SEC Seeks Comment on Cybersecurity Issues in ANPR for Transfer Agents

December 30, 2015

Law Firm: Sutherland Asbill Brennan LLP - Washington Office

On December 22, the Securities and Exchange Commission (SEC) issued an advanced notice of proposed rulemaking (ANPR) for new transfer agent requirements, and it also issued a concept release for which public comment on the SEC’s broader review of transfer agent regulation is sought. In the ANPR, the SEC specifically cited cybersecurity as an area in which the Commission intends to propose new rules and rule amendments.

Due in part to concerns that widely varying transfer agent safeguarding procedures and controls could create uncertainty and risk in the market and that insufficient safeguarding of information and data could lead to the loss of information, theft of securities or funds, fraudulent securities transfers, or the misappropriation or release of private securityholder information to unauthorized individuals, the SEC plans to propose certain amendments to the transfer agent rules to address how technology in general and cybersecurity risks in particular affect transfer agents and their activities, and how transfer agents’ technology and information systems, including securityholders’ data and personal information, may be related to their safeguarding activities. Specifically, the Commission intends to propose new or amended rules requiring registered transfer agents to, inter alia, create and maintain (1) a written business continuity plan, tailored to the size and activities of the transfer agent, identifying procedures relating to an emergency or significant business disruption, including provisions such as data back-up and recovery protocols; (2) basic procedures and guidelines governing the transfer agent’s use of information technology, including methods of safeguarding securityholders’ data and personally identifiable information; and (3) appropriate procedures and guidelines related to a transfer agent’s operational capacity, such as IT governance and management, capacity planning, computer operations, development and acquisition of software and hardware, and information security.

In connection with its desire to propose these new rules and amendments, the SEC is seeking comment on a variety of transfer agent cybersecurity issues, particularly issues related to (1) safeguarding security holder information and data and (2) operational risk, cybersecurity, and other technology-related issues. Following publication of the ANPR and the concept release in the Federal Register, there will be a 60-day public comment period to address these cybersecurity inquiries and the other issues for which the SEC seeks comment in the ANPR and the concept release.

The views expressed in this document are solely the views of the author and not Martindale-Hubbell. This document is intended for informational purposes only and is not legal advice or a substitute for consultation with a licensed legal professional in a particular case or circumstance.

Contact Sutherland Asbill Brennan LLP - Washington Office

Choose Area of Practice Area of Practice is requiredFirst Name First Name is requiredLast Name Last Name is requiredE-mail Address E-mail Address is requiredInvalid E-mail Address

Describe Your Legal Matter

0/1000 characters

Describe Your Legal Matter is required

Country Country is requiredZip CodeZip Code is requiredInvalid Zip CodeCity/Town/Locality City/Town/Locality is requiredState/Province/DistrictState/Province/District is requiredPhone Number Phone Number is requiredInvalid Phone Number Preferred Contact Method

By clicking on the "Submit" button, you agree to the Terms of Use, Supplemental Terms and Privacy Policy. You also consent to be contacted at the phone number you provided, including by autodials, text messages and/or pre-recorded calls, from Martindale and its affiliates and from or on behalf of attorneys you request or contact through this site. Consent is not a condition of purchase.

You should not send any sensitive or confidential information through this site. Emails sent through this site do not create an attorney-client relationship and may not be treated as privileged or confidential. The lawyer or law firm you are contacting is not required to, and may choose not to, accept you as a client. The Internet is not necessarily secure and emails sent though this site could be intercepted or read by third parties.

CONSUMER WEBSITES

The information provided on this site is not legal advice, does not constitute a lawyer referral service, and no attorney-client or confidential relationship is or should be formed by the use of this site. The attorney listings on the site are paid attorney advertisements. Your access of/to and use of this site is subject to additional Supplemental Terms.